Claim Rejections - 35 USC §103

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg (U.S.
Patent Pub No.: US2003/0188001) in view of Maufer (US Patent No.: 7,120,930)

Referring to claim 1, Eisenberg teaches: A network address translation (NAT)-enabled device 
(Proxy (7 per Fig 1)) comprising: 

a NAT facility for connecting at least two hosts inside a first network to a second network, 
wherein the NAT facility allows the inside hosts to share an address of the second network 
(Proxy (NAT facility) for connecting a single host (1 per Fig 1) inside a private network or local 
(first network) to a public network (second network) per Pg 1 Para[0005] to [0012]) 

a gateway interface for connecting to a demilitarized zone (DMZ) host inside the first network 
(inherent local interface on Proxy (gateway interface) for connecting a local network (inherent 
DMZ) inside the local or first network per Fig 1 and per Pg 1 Para [0005] to [0012]) 

a disposer (NAT per Pg 1 Para [0005] to [0012]) connected to the gateway interface (inherent 
local interface on proxy) for assigning an address of the second network to the DMZ host (NAT 
assigns IP address per Pg 1 Para[0009]); and 

a dispatcher connected to the gateway interface and the NAT facility of communicating message 
between the second network and the gateway interface or the NAT facility according to a 
communication criteria of the message (The combination of the Access list and packet filter 
(dispatcher) are inherently connected to the inherent local interface on the Proxy and is also 
connected to the Proxy (NAT facility and either filter or pass packets or messages on route to the 
single host per Fig 1 according to a criteria based upon the packet or message per Pg 1 Para 
[0005] to [0012])) 

Eisenberg does not expressly call for: at least two hosts 

Maufer teaches: at least two hosts (col. 1 lines 27 to col. 2 lines 27) 

It would have been obvious to add at least two hosts of Maufer to the system of Eisenberg so that
the local network could scale to support more hosts. 

3. Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg 
(U.S. Patent Pub No.: US2003/0188001) in view of Maufer (US Patent No.: 7,120,930) further 
in view of Nesset (U.S. Patent No.: 5,968,176)

Referring to claim 2, the combination of Eisenberg and Maufer teach: the NAT-enabled device 
of claim 1. 

The combination of Eisenberg and Maufer do not expressly call for: wherein the communication 
criteria is derived from a medium control (MAC) address of the message 

Nesset teaches: wherein the communication criteria is derived from a medium control (MAC)
address of the message (Filtering on MAC SA per col. 11 lines 54 to 63)

It would have been obvious to add the packet filtering of Nesset to the dispatcher of the
combination of Eisenberg and Maufer in order to build a system which improved the reliability 
by filtering on MAC SA of the received packets. 

Referring to claim 3, the combination of Eisenberg, Maufer and Nesset teach the NAT-enabled
device of claim 2 and Eisenberg teaches the disposer. 

The combination of Eisenberg and Nesset do not expressly call for: assigns the second network 
address of the NAT-enabled device to the DMZ host if such address is public. 

Maufer teaches: assigns the second network address of the NAT-enabled device to the DMZ
host if such address is public (col. 1 lines 27 to col. 2 lines 27)

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
assigns the second network address of the NAT-enabled device to the DMZ host if such address 
is public of Maufer to the system of the combination of Eisenberg, Maufer, and Nesset in order 
to build a system which scales to support more than one host on the local network.

4. Claims 4-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg
(U.S. Patent Pub No.: US2003/0188001) in view of Maufer (US Patent No.: 7,120,930) in view
of Nesset (U.S. Patent No.: 5,968,176) further in view of Shen (U.S. Patent Pub. No.:
US2004/0139170)

Referring to claim 4, the combination of Eisenberg, Maufer, and Nesset teach: the NAT-enabled
device of claim 3 as well as the temporary second network address and Eisenberg teaches the 
disposer 

The combination of Eisenberg, Maufer, and Nesset do not expressly call for: associated the 
validity lifetime to the DMZ host if the second address of the NAT-enabled device is not public 

Shen teaches: associated the validity lifetime to the DMZ host if the second address of the NAT- 
enabled device is not public (Pg 2 Para [0015] to [0016]) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the associated the validity lifetime to the DMZ host if the second address of the NAT-enabled 
device is not public of Shen to the system of the combination of Eisenberg, Maufer, and Nesset 
in order to build a system that optimizes the assignment of IP addresses by keeping track of their
time to live.

In addition Eisenberg teaches: 

Regarding claim 5, wherein the disposer assigns an address to the DMZ host in response to a 
request from the DMZ host (Pg 1 Para [0009]) 

Referring to claim 6, the combination of Eisenberg, Maufer, Nesset, and Shen teach: the NAT-
enabled device of claim 5. 

The combination of Eisenberg, Maufer and Nesset do not expressly call for: wherein the disposer 
allows the DMZ host to acquire a validity lifetime to transmit message or obtain address of the 
hosts in the second network up a request by the DMZ host 

Shen teaches: wherein the disposer allows the DMZ host to acquire a validity lifetime to transmit 
message or obtain address of the hosts in the second network up a request by the DMZ host (Pg 2 
Para [0015] to [0016]) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the wherein the disposer allows the DMZ host to acquire a validity lifetime to transmit message 
or obtain address of the hosts in the second network up a request by the DMZ host of Shen to the 
system of the combination of Eisenberg, Maufer, Nesset, and Shen in order to build a
system that optimizes the assignment of IP addresses by keeping track of their time to live.

In addition Eisenberg teaches: 

Regarding claim 7, wherein the dispatcher stores the address of the DMZ host and compares the 
destination address information of message received from the second network with the address 
of the DMZ host forwarding the message to the DMZ host when the AC address does not 
correspond to the DMZ host (NAT translates incoming packet or message and sends to the DMZ 
host otherwise the packets are inherently truncated per Pg 1 Para [0006] to [0009])



Application/Control Number: 10/708,554 
Art Unit: 2619 



Page 5 



Referring to claim 8, the combination of Eisenberg, Maufer and Nesset teach the NAT-enabled
device of claim 7 wherein the dispatcher identifies the message being sent to the second network 

The combination of Eisenberg & Maufer do not expressly call for: checking the MAC address of 
such a message 

Nesset teaches: checking the MAC address of such a message (col. 11 lines 54-63)

It would have been obvious to one of ordinary skill in the art at the time of the invention to add
the checking the MAC address of such a message of Nesset to the system of the combination of 
Eisenberg, Maufer, and Nesset in order to build a system which improves the security by 
filtering on source address. 

5. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg (U.S. 
Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035) further in view 
of Shen (U.S. Patent Pub. No.: US2004/0139170) 

Referring to claim 9, Eisenberg teaches: A network address translation (NAT)-enabled device 
(Proxy (7 per Fig 1)) comprising: 

a NAT facility for connecting at least two hosts inside a first network to a second network, 
wherein the NAT facility allows the inside hosts to share an address of the second network 
(Proxy (NAT facility) for connecting a single host (1 per Fig 1) inside a private network or local 
(first network) to a public network (second network) per Pg 1 Para[0005] to [0012]) 

a gateway interface for connecting to a demilitarized zone (DMZ) host inside the first network
(inherent local interface on Proxy (gateway interface) for connecting a local network (inherent
DMZ) inside the local or first network per Fig 1 and per Pg 1 Para [0005] to [0012]) in response
to a request from a DMZ host (Pg 9 Para [0009])

a disposer is connected to the gateway interface for assigning an address to the second network 
to the DMZ host in response to a request from the DMZ host (NAT or disposer is inherently 
connected to the inherent local interface on the Proxy per Fig 1 and assigns the IP address of 
second network based upon a request per Pg 1 Para[0009] ) 

a dispatcher connected to the gateway interface and the NAT facility of communicating message 
between the second network and the gateway interface or the NAT facility according to a 
communication criteria of the message (The combination of the Access list , packet filter, and 
NAT (dispatcher) are inherently connected to the inherent local interface on the Proxy and is also 
connected to the Proxy (NAT facility and either filter or pass packets or messages on route to the 
single host per Fig 1 according to a criteria based upon the packet or message per Pg 1 Para 
[0005] to [0012])) the dispatcher storing the address of the DMZ host and comparing the
destination address information of a message received from the second network with the address
of the DMZ host and forwarding the message to the DMZ host when the communication criteria
corresponds to the DMZ host (The NAT inherently stores the address of the DMZ host and
compares the destination address information of the packet received from the second network 
with the address of DMZ host and forward the message to the host when the addresses match (Pg 
1 Para [0005] to [00012]) 

Eisenberg does not expressly call for: at least two hosts and wherein the disposer assigns the 
second network address of the NAT-enabled device to the DMZ if such address is public and
the disposer assign a temporary second address and associated validity lifetime to the DMZ if the 
second address of the enabled device is not public a disposer 

Assano teaches: at least two hosts and wherein the disposer assigns the second network address 
of the NAT-enabled device to the DMZ if such address is public and the disposer assign a
temporary second address (plurality of global (Public) IP and plurality private IP address
assigned if a non internet connection of col. 1 lines 24-30)

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the at least two hosts and wherein the disposer assigns the second network address of the
NAT-enabled device to the DMZ if such address is public and the disposer assign a temporary second
address of Assano to the system of Eisenberg in order to only assign Internet address when 
appropriate. 

Eisenberg and Assano do not expressly call for: associated validity lifetime to the DMZ if the 
second address of the enabled device is not public a disposer 

Shen teaches: associated validity lifetime to the DMZ if the second address of the enabled device 
is not public a disposer (TTL associated with assigned address per Pg 2 Para[0015]) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the TTL associated with the assigned address of Shen to the system of the combination of 
Eisenberg and Assano in order to minimize the number of addresses which are temporarily 
assigned by managing the time duration of their assignment. 

6. Claims 10-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg 
(U.S. Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035) in view
of Shen (U.S. Patent Pub. No.: US2004/0139170) further in view of Nesset (U.S. Patent No.: 
5,968,176) 



Referring to claim 10, the combination of Eisenberg, Assano, and Shen teach: the NAT-enabled
device of claim 9. 

The combination of Eisenberg Assano, and Shen do not expressly call for: wherein the 
communication criteria is derived from a medium control (MAC) address of the message 

Nesset teaches: wherein the communication criteria is derived from a medium control (MAC)
address of the message (Filtering on MAC SA per col. 11 lines 54 to 63)

It would have been obvious to add the packet filtering of Nesset to the dispatcher of the 
combination of Eisenberg, Assano and Shen in order to build a system which improved the 
reliability by filtering on MAC SA of the received packets 

In addition Eisenberg teaches: 

Regarding claim 11, wherein the disposer allows the DMZ host to acquire a validity of life-time 
to transmit message or obtain address of host in the second network upon a request by the DMZ
host (acquire address per Pg 1 Para[009]) 

7. Claims 12-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg
(U.S. Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035)

Referring to claim 12, Eisenberg teaches: a method for communicating information between a 
first network (Local Network per Fig 1 ) and a second network (WAN/Internet per Fig 1) the 
method comprising; 

Assigning a second network address to a demilitarized zone host of the first network (1 per Fig 1 
is assigned the IP address of the Proxy per Fig 1) 

Forwarding the message to the DMZ host of the first network when a communication criteria of 
the message matches a first criteria (The packet is forward to the 1 per Fig 1 or DMZ host when 
the IP address of Proxy matches the packet destination address) and 

Receiving from the second network a message (The proxy would inherently receive the second 
message) and forwarding the message to a host (inherently performed by the Proxy) 

Eisenberg does not expressly call for: second network message having a destination address 
equal to the second network address 

Forwarding the message to another host of the first network when the communication criteria of 
the message does not match the criteria 

Assano teaches: second network message having a destination address equal to the second
network address (inherently receiving a second message based upon the plurality of network IP 
addresses) 

Forwarding the message to another host of the first network when the communication criteria of 
the message does not match the criteria (Inherently forwarding the packet or message to another 
host of the first network based upon the assigned IP address per col. 1 lines 23 to 29) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add the
multiple address of Assano to the system of Eisenberg in order to minimize the
number of addresses which are temporarily assigned

Referring to claim 13, the combination of Eisenberg and Assano teach: the method of claim 12 

Eisenberg does not expressly call for: wherein the second network address assigned to the DMZ 
host is the second network address of the first network when such address is public and the 
second network address assigned to the host is a temporary second network address when the 
second network address of the first network is not public 

Assano teaches: wherein the second network address assigned to the DMZ host is the second 
network address of the first network when such address is public and the second network address
assigned to the host is a temporary second network address when the second network address of 
the first network is not public (col. 1 lines 22 to 30) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the wherein the second network address assigned to the DMZ host is the second network address 
of the first network when such address is public and the second network address assigned to the 
host is a temporary second network address when the second network address of the first 
network is not public Assano to the system of the combination of Eisenberg and Assano in order 
to build a system to minimize the number of addresses which are temporarily assigned 

8. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg (U.S. 
Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035) further in view
of Nesset (U.S. Patent No.: 5,968,176) 

Referring to claim 14, the combination of Eisenberg and Assano teach: the method of claim 13 

The combination of Eisenberg and Assano do not expressly call for: wherein the communication 
criteria is derived from a medium control (MAC) address of the message 

Nesset teaches: wherein the communication criteria is derived from a medium control (MAC) 
address of the message (Filtering on MAC SA per col. 11 lines 54 to 63)

It would have been obvious to add the packet filtering of Nesset to the dispatcher of the 
combination of Eisenberg and Assano in order to build a system which improved the reliability 
by filtering on MAC SA of the received packets. 

9. Claims 15-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg 
(U.S. Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035) further in 
view of Nesset (U.S. Patent No.: 5,968,176) further in view of Shen (U.S. Patent Pub. No.: 
US2004/0139170) 

Referring to claim 15, the combination of Eisenberg, Assano, and Nesset teach the method of 
claim 14 temporary network address 

The combination of Eisenberg, Assano, and Nesset do not expressly call for: wherein the 
temporary address has a shorter duration than a permanent address 

Shen teaches: wherein the temporary address has a shorter duration than a permanent address 
(per Pg 2 Para [0015]-[0016]) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add 
the Time to Live of the temporary address of Shen to system of the combination of Eisenberg, 
Assano, and Nesset in order to build a system which can optimize the total number of temporary 
addresses used by managing the duration for which they are assigned. 

Referring to claim 16, the combination of Eisenberg, Assano, Nesset, and Shen teach: the 
method of claim 15 and time to live associated with an address. 

The combination of Eisenberg, Assano, Nesset, and Shen do not expressly call for: reassignment 
of a second address. 

The examiner takes official notice: that reassignment of an address is well known in the art: 

It would have been obvious to one of ordinary skill in the art at the time of the invention to 
reassign a second address when an address expires in order to extend the connection. 

In addition Eisenberg teaches: 

Regarding claim 17, further comprising detecting for an active connection between the first and 
second networks (The NAT receives incoming or outgoing request or detecting whether there is 
an active connection per Pg 1 Para [0009]) activating a connection between the first and second
networks, when no connection between the first and second networks exist (IP address assigned
and connection inherently activated per Pg 1 Para[0009]) 

Regarding claim 18, wherein assigning the second network address to the DMZ host is response 
to a request from the DMZ host (pg 1 Para[0009]) 


10. Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eisenberg (U.S. 
Patent Pub No.: US2003/0188001) in view of Assano (US Patent No.: 7,197,035)

Referring to claim 19, Eisenberg teaches: A network address translation (NAT)-enabled device 
(Proxy (7 per Fig 1)) comprising: comprising a NAT facility (Proxy or (NAT facility) per Fig 1 
and Pg 1 Para[0005] to [0012]) 

a gateway interface (inherent interface on the Proxy per Fig 1 and per Pg 1 Para [0005] to 
[0012]) 

a disposer (NAT assigns IP address per Pg 1 Para[0009]);

a dispatcher (The combination of the Access list and packet filter (dispatcher) are inherently 
connected to the inherent local interface on the Proxy and is also connected to the Proxy (NAT 
facility and either filter or pass packets or messages on route to the single host per Fig 1 
according to a criteria based upon the packet or message per Pg 1 Para [0005] to [0012])) for 
performing the method comprising; 

Assigning a second network address to a demilitarized zone host of the first network (1 per Fig 1 
is assigned the IP address of the Proxy per Fig 1) 

Forwarding the message to the DMZ host of the first network when a communication criteria of 
the message matches a first criteria (The packet is forward to the 1 per Fig 1 or DMZ host when 
the IP address of Proxy matches the packet destination address) and 

Receiving from the second network a message (The proxy would inherently receive the second 
message) and forwarding the message to a host (inherently performed by the Proxy) 


Eisenberg does not expressly call for: second network message having a destination address 
equal to the second network address 

Forwarding the message to another host of the first network when the communication criteria of 
the message does not match the criteria 

Assano teaches: second network message having a destination address equal to the second
network address (inherently receiving a second message based upon the plurality of network IP 
addresses) 

Forwarding the message to another host of the first network when the communication criteria of 
the message does not match the criteria (Inherently forwarding the packet or message to another 
host of the first network based upon the assigned IP address per col. 1 lines 23 to 29) 

It would have been obvious to one of ordinary skill in the art at the time of the invention to add the
multiple address of Assano to the system of Eisenberg in order to minimize the
number of addresses which are temporarily assigned

Claim Rejections - 35 USC §112

11. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

12. Claims 1-17 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 


Referring to claim, what is meant by "the inside hosts". Are the "inside hosts" the same hosts as 
"the two host inside a first network"? What is meant by "according to a communication criteria 
of the message"? The dispatcher contains criteria for processing the message. The message does 
not contain the criteria! 

Referring to claim 3, what is meant by "assigns the second network address of the NAT-enabled 
device to the DMZ host if such address is public"? Is the applicant trying to say that the DMZ 
host is assigned a public address based upon a condition? 

Referring to claims 6, 11, & 15; what is meant by "acquire a validity lifetime"? Is a time to live
assigned to message or addresses?

Referring to claim 7, what is meant by "such message"? Is the applicant referring to "the 
message"? 

Referring to claim 9, what is meant by "wherein the disposer assigns the second network address 
of the NAT-enabled device to the DMZ host if such address is public and the disposer assigns a 
temporary second network address and associated validity lifetime to the DMZ host if the second 
address of the NAT-enabled device is not public"? Is the applicant trying to say that a public 
address is assigned based upon criteria otherwise if the criteria is not met then a non-public
address or private address is assigned along with an associated time to live for the non-public
address?

What is meant by "forwarding the message to the DMZ host when the communication criteria 
corresponds to the DMZ host and forwarding the message to the NAT facility when the 
communication criteria does not correspond to the DMZ host"? Is the applicant trying to say that
the message is compared to a criteria and if it meets the criteria the message is forwarded to the 
host otherwise the message is forward to the NAT facility? 

Referring to claims 12 & 19, what is meant by "when the communication criteria of the message 
does not match criteria"? The criteria is not in the message. Is the applicant trying to say that the
contents in the message is evaluated against a criteria which is used to determine where the 
message is forwarded? 

Referring to claim 15, what is meant by "wherein the temporary second network address has a 
validity lifetime considerable shorter than the second network address of the first network"? 

Referring to claim 16, what is meant by "reassigning a second network address to a demilitarized 
zone (DMZ) host of the first network upon expiry of the validity lifetime"? Does this mean that 
DMZ host is assigned a another non-public address upon expiration of a time to live associated 
with the first non-public address? 

Referring to claim 19, it is unclear in this claim whether the devices (NAT facility, gateway
interface, disposer and dispatcher) are performing the method collectively or one of the devices
individually is performing the method. 

Conclusion 

13. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Robert W. Wilson whose telephone number is 571/272-3075. 
The examiner can normally be reached on M-F (8:00-4:30). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on 571/272-7884. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 